Sometimes sharing is bad. Don’t worry. We don’t plan to rush into kindergartens across America and break the news to all the 5-year-olds, but it’s true. Especially when it comes to national security and your privacy, it may be necessary to collect and use certain information, but wrong to share it.
When a federal government advisory committee recently revealed that the Department of Homeland Security (which contains both the Secret Service and the TSA) is in the “process of creating a policy framework and technology architecture for enhancing DHS's information-sharing capabilities,” it immediately raised these types of concerns and today we sent a letter to DHS outlining those concerns.
At this point details are very scarce. But we do know DHS’s 230,000 employees collect enormous amounts of information every day. A small sampling includes:
- benefit information from the Federal Emergency Management Agency,
- traveler information from Customs and Border Patrol and TSA,
- work history from the E-Verify program,
- permit and payment information from the Coast Guard,
- naturalization records from the Citizenship and Immigration Service, and
- personal information like social security number, date of birth and email address from a wide variety of sources.
All this sharing raises a host of possible concerns. We have already seen breaches from these systems, raising concerns over identity theft. In 2009 one DHS program, E-Verify, accidently allowed unauthorized individuals to gain access to the social security numbers of, and other information about, more than 37,000 people.
Other DHS programs have been criticized for how they use computer analysis, called data mining. Earlier this year government auditors identified a series of problems with DHS databases, and concluded “Until such reforms are in place, DHS and its component agencies may not be able to ensure that critical data mining systems used in support of counterterrorism are both effective and that they protect personal privacy.”
Many DHS systems contain information which is incorrect or wildly prejudicial. Suspicious Activity Reporting programs, like the “America’s Waterways Watch” program or “See Something, Say Something,” encourage the reporting of innocuous activities like photography or operating a boat “with no apparent destination” as suspicious behavior to the Coast Guard or other DHS components, even though there is no reasonable basis to believe these commonplace activities indicate the occurrence of criminal or terrorist activity. Further dissemination of it, even to a limited extent, would dramatically exacerbate that problem and harm innocent people.
Given all these problems, DHS shouldn’t rush into any information sharing system. The department must assess the necessity and scope of any program and do so as part of an open and transparent process. Only then can the public decide whether DHS is using the information it gathers appropriately or oversharing it in a way that is likely to harm the privacy of every American.